|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: weird 500/udp
From: Jason Witty (jason
WITTYS.COM)Date: Wed Aug 30 2000 - 15:53:29 CDT
- Next message: Nexus: "Re: A slap on the wrist...?"
- Previous message: Robert G. Ferrell: "Re: Annoy Those Sub7 Scanners."
- In reply to: David Myers: "weird 500/udp"
- Next in thread: Mark van Walraven: "Re: weird 500/udp"
- Reply: Jason Witty: "Re: weird 500/udp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David,
UDP port 500 is used for the ISAKMP (now IKE) portion of IPSec (commonly
used for VPN access). See http://www.faqs.org/rfcs/rfc2408.html for more
information on ISAKMP. Most likely, these kiddies were looking for
improperly configured IPSec VPN termination boxes that they could abuse
to gain access to an internal network. Hope it helps.
Jason
BTW - http://www.wittys.com/files/all-ip-numbers.txt lists loads of
ports and protocols (it's a compilation of findings of this list, as
well as RFCs and IANA docs). Hope it's useful!
David Myers wrote:
>
> 967537034 - 08/29/2000 04:17:14 Host: monster.radiotelcom.ru/212.48.143.12
> Port: 500 UDP Blocked
> 967569428 - 08/29/2000 13:17:08 Host: mail.openleren.glr.nl/195.109.196.2
> Port: 500 UDP Blocked
> 967614728 - 08/30/2000 01:52:08
> Host: p3E9EDB02.dip.t-dialin.net/62.158.219.2 Port: 500 UDP Blocked
>
> anyone have any ideas?
>
> thanks,
> David Myers
- Next message: Nexus: "Re: A slap on the wrist...?"
- Previous message: Robert G. Ferrell: "Re: Annoy Those Sub7 Scanners."
- In reply to: David Myers: "weird 500/udp"
- Next in thread: Mark van Walraven: "Re: weird 500/udp"
- Reply: Jason Witty: "Re: weird 500/udp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]